92 lines
2.2 KiB
JavaScript
92 lines
2.2 KiB
JavaScript
var sanitizeHTML = require("sanitize-html");
|
|
|
|
// These tags are allowed in addition to the defaults
|
|
// See https://github.com/punkave/sanitize-html
|
|
const ALLOWED_TAGS = [
|
|
"button",
|
|
"center",
|
|
"details",
|
|
"font",
|
|
"h1",
|
|
"h2",
|
|
"img",
|
|
"marquee", // It pains me to do this, but a lot of people use it...
|
|
"section",
|
|
"span",
|
|
"summary"
|
|
];
|
|
|
|
const ALLOWED_ATTRIBUTES = [
|
|
"id",
|
|
"aria-*",
|
|
"border",
|
|
"class",
|
|
"color",
|
|
"data-*",
|
|
"height",
|
|
"role",
|
|
"style",
|
|
"title",
|
|
"valign",
|
|
"width"
|
|
];
|
|
|
|
var ATTRIBUTE_MAP = {
|
|
a: ["href", "name", "target"],
|
|
font: ["size"],
|
|
img: ["src"],
|
|
marquee: ["behavior", "behaviour", "direction", "scrollamount"],
|
|
table: ["cellpadding", "cellspacing"],
|
|
th: ["colspan", "rowspan"],
|
|
td: ["colspan", "rowspan"]
|
|
}
|
|
|
|
for (var key in ATTRIBUTE_MAP) {
|
|
ALLOWED_ATTRIBUTES.forEach(function (attr) {
|
|
ATTRIBUTE_MAP[key].push(attr);
|
|
});
|
|
}
|
|
|
|
sanitizeHTML.defaults.allowedTags.concat(ALLOWED_TAGS).forEach(function (tag) {
|
|
if (!(tag in ATTRIBUTE_MAP)) {
|
|
ATTRIBUTE_MAP[tag] = ALLOWED_ATTRIBUTES;
|
|
}
|
|
});
|
|
|
|
const SETTINGS = {
|
|
allowedTags: sanitizeHTML.defaults.allowedTags.concat(ALLOWED_TAGS),
|
|
allowedAttributes: ATTRIBUTE_MAP
|
|
};
|
|
|
|
function sanitizeText(str) {
|
|
str = str.replace(/&/g, "&")
|
|
.replace(/</g, "<")
|
|
.replace(/>/g, ">")
|
|
.replace(/"/g, """)
|
|
.replace(/'/g, "'")
|
|
.replace(/\(/g, "(")
|
|
.replace(/\)/g, ")");
|
|
return str;
|
|
}
|
|
|
|
function decodeText(str) {
|
|
str = str.replace(/&#([0-9]{2,7});?/g, function (m, p1) {
|
|
return String.fromCharCode(parseInt(p1));
|
|
});
|
|
str = str.replace(/&#x([0-9a-f]{2,7});?/ig, function (m, p1) {
|
|
return String.fromCharCode(parseInt(p1, 16));
|
|
});
|
|
str = str.replace(/</g, "<")
|
|
.replace(/>/g, ">")
|
|
.replace(/"/g, "\"")
|
|
.replace(/&/g, "&");
|
|
return str;
|
|
}
|
|
|
|
module.exports.sanitizeHTML = function (html) {
|
|
return sanitizeHTML(html, SETTINGS);
|
|
};
|
|
|
|
module.exports.sanitizeText = sanitizeText;
|
|
module.exports.decodeText = decodeText;
|